Embedded Platform Service ControllerAll services bundled with the Platform Services Controller are deployed on the same virtual machine or physical server as vCenter Server.

External Platform Service ControllerThe services bundled with the Platform Services Controller and vCenter Server are deployed on different virtual machines or physical servers.

You cannot switch the models after deployment, which means that after you deploy vCenter Server with an embedded Platform Services Controller, you cannot switch to vCenter Server with an external Platform Services Controller, and the reverse.

An external PSC can provide services to both vCenter on Windows and the vCenter Server Appliance (VCSA).

The default single sign-on domain is vsphere.local. This can be changed during the PSC installation.
The default single sign-on administrator user is administrator. The default administrator user cannot be changed during installation.

By default the VMware Certificate Authority (VMCA) provisions each ESXi host with a signed certificate that has VMCA as the root certificate authority.
Certificates for vCenter Server and the vCenter Server services are stored in the VMware Endpoint Certificate Store (VECS).
The VMCA root certificate expires after ten years by default. All certificates that VMCA signs expire when the root certificate expires.
When upgrading from earlier versions of vSphere the self-signed certificates are replaced with certificates signed by the VMCA.

ESXi Certificate Replacement Modes

VMware Certificate Authority mode – this is the default.VMCA issues certificates to hosts.

Custom Certificate Authority modeManually update and use certificates not signed or issued by the VMCA.

Thumbprint modeRetain 5.5 certificates.

View ESXi SSL Thumbprint in the DCUI from the View Support Information menu.

vHersey

Hersey Cartwright is an IT professional with extensive experience designing, implementing, managing, and supporting technologies that improve business processes. Hersey is Solutions Architect for HPE SimpliVity covering Virginia, Washington DC, and Maryland. He holds the VMware Certified Design Expert (VCDX-DV #128) certification. Hersey actively participates in the VMware community and was awarded the VMware vExpert title in 2016, 2015, 2014, 2013, and 2012. He enjoys working with, teaching, and writing about virtualization and other data center technologies. Follow Hersey on Twitter @herseyc